Today, a variety of computer devices are capable of communicating wirelessly. For example, mobile computing devices such as personal computers, personal digital assistants, cellular phones, printers, scanners and others may communicate over a wireless local area network (WLAN) using the IEEE 802.11 standard for wireless networking. To access wireless network, the computer devices, or other client devices, may wirelessly “associate” with a device configured as an access point (AP), which then provides the client devices with access to system or network resources. An AP can be implemented as a dedicated device configured specifically to provide network access or may be implemented by programming a computer that performs other functions. When implemented by programming a computer, the access point may be called a “soft AP.” The resources to which a soft AP provides access may, like a “hard AP,” include other devices connected to a network, and in some instances may include applications or other elements within the computer acting as the soft AP.
To enable secure communication, the client devices and the AP mutually authenticate each other by exchanging secret information. If the exchange is successful, the AP allows the client device to connect to the network. The secret information may be pre-shared keys. If pre-shared keys are used, the AP and associated wireless client devices are provisioned with an identical pre-shared key used for the authentication.
For example, according to the WPA and WPA2 authentication and key exchange protocols, when attempting to access a network, a client device provides information generated with its pre-shared key to the AP. If the AP can verify that information using its copy of the pre-shared key, the client is authenticated. The pre-shared key may be used to derive temporary session keys, for data encryption and decryption, and for other purposes.
Conventionally, if pre-shared keys are used, an AP uses a single pre-shared key for associating with client devices. Thus, all client devices associated with the same AP share the same pre-shared key.